HTTP Request Smuggling Due to Incorrect Parsing of Multi-line Transfer-Encoding

We discussed this vulnerability during Episode 163 on 31 October 2022

Improper handling of multi-line header values, specifically in handling the Transfer-Encoding header Node would parse the value up to the first new-line and not include the remaining content.

Transfer-Encoding: chunked
 , identity

The value of the header should be chunked , identity, with identity indicating the body is 0 bytes. However Node will parse it as chunked so may incorrectly parse a body to the request.